Crash when adding vip to carp-enabled boxen
-
I'm following fully redundant carp tutorial and when I click to add the first virtual ip ( the wan one ), the master (the one I'm editing) takes a nose-dive.
There's some slight differences in my setup from the tutorial. I have 4 nics in the box. I rename OPT1 to WAN2 and OPT2 to SYNC. Also, there's no "preemption" option referred to by the tutorial and I turn on all the synchronization options except "load balancing" ( I want failover - not load balancing ).
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x5d
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc076be51
stack pointer = 0x28:0xd0a9db80
frame pointer = 0x28:0xd0a9dc40
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 15393 (ifconfig)
trap number = 12
panic: page fault
cpuid = 0
Uptime: 3d3h28m40s
Cannot dump. No dump device defined.When I reboot the box, I get an error about a missing XML file ( sorry I wasn't able to capture the info before it scrolled by ), and I have to start completely over assigning interfaces and setting lan ip, etc…
I really want to use pfsense, especially for redundancy, but this is killing me. Please help/advise.
-
You can only add a carp ip if you have a ip on the same subnet on a real interface.
-
There's some slight differences in my setup from the tutorial. I have 4 nics in the box. I rename OPT1 to WAN2 and OPT2 to SYNC. Also, there's no "preemption" option referred to by the tutorial and I
And you show exactly why documenting something that's under development is nearly a pointless task. pre-emption is hardcoded to be on now - it's a good thing.
turn on all the synchronization options except "load balancing" ( I want failover - not load balancing ).
Load balancing has nothing to do with failover - that option is not a reference to the useless (and dangerous) load balancing option CARP can do.
–Bill
-
You can only add a carp ip if you have a ip on the same subnet on a real interface.
So I have to have a cable plugged into the wan port and the wan port configured for an ip address? I'm not 100% I did that first. I was trying to get it configured before actually plugging it in, but I will try it.
-
You can only add a carp ip if you have a ip on the same subnet on a real interface.
So I have to have a cable plugged into the wan port and the wan port configured for an ip address? I'm not 100% I did that first. I was trying to get it configured before actually plugging it in, but I will try it.
No matter what I try I keep getting "XML error: no pfsense object found!". It looks like I'm going to have to completely reinstall pfsense. It would be nice if the web gui would prevent me from trying to do things that will completely crater the install.
-
Bottom line is your hitting a kernel panic (freebsd crash).
There is little we can do about this. Try to configure it CORRECTLY and the crashes should stop.
-
Bottom line is your hitting a kernel panic (freebsd crash).
There is little we can do about this. Try to configure it CORRECTLY and the crashes should stop.
Is there a way I can make a copy of the xml file on the local filesystem so if it bombs again I don't have to start over from scratch?
-
If this is a full install, run this from a shell:
cvs_sync.sh releng_1
We've added some code to prevent this from happening.
-
Okay I finally got a chance to run the cvs_sync command and it worked this time.
I'm trying to go live with the system and I'm having a problem getting dns to work.
I haven't tested dhcp but I'm guessing it tells the clients to use the dns settings in the general setup page directly. I use mostly static ip on my network and would prefer to configure the clients' dns server to point to the LAN CARP IP. I know I could setup a forwarding rule in outbound nat, but I'm hoping there's a way to have the router itself perform the dns lookup so that I'm not tied to a specific dns server.
Here's my config file, I wiped out the public names and ip addresses and the passwords:
<pfsense><version>2.3</version> <lastchange><theme>metallic</theme> <system><optimization>normal</optimization> <hostname>wasrouter1</hostname> <domain>***.***.net</domain> <username>admin</username> <password>********</password> <timezone>America/Chicago</timezone> <time-update-interval>300</time-update-interval> <timeservers>pool.ntp.org</timeservers> <webgui><protocol>http</protocol></webgui> <dnsserver>*.*.169.1</dnsserver> <dnsserver>*.*.220.5</dnsserver> <dnsallowoverride></dnsallowoverride></system> <interfaces><lan><if>rl1</if> <ipaddr>192.168.0.250</ipaddr> <subnet>24</subnet> <media><mediaopt><bandwidth>100</bandwidth> <bandwidthtype>Mb</bandwidthtype></mediaopt></media></lan> <wan><if>rl0</if> <mtu><blockpriv><media><mediaopt><bandwidth>100</bandwidth> <bandwidthtype>Mb</bandwidthtype> <disableftpproxy><ipaddr>*.*.218.247</ipaddr> <subnet>23</subnet> <gateway>*.*.219.252</gateway> <blockbogons><spoofmac></spoofmac></blockbogons></disableftpproxy></mediaopt></media></blockpriv></mtu></wan> <opt1><if>dc0</if> <descr>WAN2</descr> <bridge><enable><ipaddr>*.*.231.155</ipaddr> <subnet>23</subnet> <gateway>*.*.231.154</gateway> <spoofmac></spoofmac></enable></bridge></opt1> <opt2><if>fxp0</if> <descr>SYNC</descr> <bridge><enable><ipaddr>192.168.250.1</ipaddr> <subnet>24</subnet> <gateway><spoofmac></spoofmac></gateway></enable></bridge></opt2></interfaces> <staticroutes><pppoe><pptp><bigpond><dyndns><type>dyndns</type> <username><password></password></username></dyndns> <dhcpd><lan><range><from>192.168.1.100</from> <to>192.168.1.199</to></range></lan></dhcpd> <pptpd><mode><redir><localip></localip></redir></mode></pptpd> <ovpn><dnsmasq><enable></enable></dnsmasq> <snmpd><syslocation><syscontact><rocommunity>public</rocommunity></syscontact></syslocation></snmpd> <diag><ipv6nat><ipaddr></ipaddr></ipv6nat></diag> <bridge><syslog><nat><ipsecpassthru><advancedoutbound><rule><source> <network>192.168.0.0/24</network> <sourceport><descr>use WAN carp for LAN</descr> <target>*.*.218.245</target> <interface>wan</interface> <destination><any></any></destination> <natport></natport></sourceport></rule> <enable></enable></advancedoutbound></ipsecpassthru></nat> <filter><rule><type>pass</type> <descr>Default LAN -> any</descr> <interface>lan</interface> <source> <network>lan</network> <destination><any></any></destination></rule> <rule><type>pass</type> <interface>opt2</interface> <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype> <os><source> <any><destination><any></any></destination> <descr>trust the Sync-Subnet</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule></filter> <ipsec><preferredoldsa></preferredoldsa></ipsec> <aliases><proxyarp><wol><installedpackages><carpsettings><config><pfsyncenabled>on</pfsyncenabled> <pfsyncinterface>SYNC</pfsyncinterface> <balancing><synchronizerules>on</synchronizerules> <synchronizealiases>on</synchronizealiases> <synchronizenat>on</synchronizenat> <synchronizeipsec>on</synchronizeipsec> <synchronizewol>on</synchronizewol> <synchronizestaticroutes>on</synchronizestaticroutes> <synchronizelb>on</synchronizelb> <synchronizevirtualip>on</synchronizevirtualip> <synchronizetrafficshaper>on</synchronizetrafficshaper> <synchronizednsforwarder>on</synchronizednsforwarder> <synchronizetoip>192.168.250.2</synchronizetoip> <password>********</password></balancing></config></carpsettings></installedpackages> <revision><description>/firewall_nat_out.php made unknown change</description> <time>1145994769</time></revision> <virtualip><vip><mode>carp</mode> <interface>wan</interface> <vhid>1</vhid> <advskew>0</advskew> <password>********</password> <descr>WAN-NSN-CARP</descr> <type>single</type> <subnet_bits>23</subnet_bits> <subnet>*.*.218.245</subnet></vip> <vip><mode>carp</mode> <interface>lan</interface> <vhid>3</vhid> <advskew>0</advskew> <password>********</password> <descr>LAN-CARP</descr> <type>single</type> <subnet_bits>23</subnet_bits> <subnet>192.168.0.3</subnet></vip></virtualip></wol></proxyarp></aliases></syslog></bridge></ovpn></bigpond></pptp></pppoe></staticroutes></lastchange></pfsense> -
correction: it's not routing any packets, not just dns. I've looked through the system logs and diagnostics. I'm not sure what to do to get it routing properly. I can ping the lan carp ip ( 192.168.0.3 ), but I can't ping the isp default gateway - something that does work on my old router, so I assume it's not routing packets at all. Please advise
-
... <interfaces><lan><if>rl1</if> <ipaddr>192.168.0.250</ipaddr> <subnet>24</subnet> <media><mediaopt><bandwidth>100</bandwidth> <bandwidthtype>Mb</bandwidthtype></mediaopt></media></lan> ... <vip><mode>carp</mode> <interface>lan</interface> <vhid>3</vhid> <advskew>0</advskew> <password>********</password> <descr>LAN-CARP</descr> <type>single</type> <subnet_bits>23</subnet_bits> <subnet>192.168.0.3</subnet></vip></interfaces>Why does your CARP LAN VIP have a /23 subnetmasks?
-
Why does your CARP LAN VIP have a /23 subnetmasks?
D'oh! (smacks forehead) I can't believe I missed that. It's routing packets now! Thanks a million!
-
;D